Hubbry Logo
Wi-Fi Protected SetupWi-Fi Protected SetupMain
Open search
Wi-Fi Protected Setup
Community hub
Wi-Fi Protected Setup
logo
8 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Wi-Fi Protected Setup
Wi-Fi Protected Setup
Wi-Fi Protected Setup
View on Wikipedia
from Wikipedia

The WPS push button (center, blue) on a wireless router showing the symbol defined by the Wi‑Fi Alliance for this function.

Wi‑Fi Protected Setup (WPS), referred to as Wi‑Fi Simple Configuration in the specification, and branded as WPS, is a standard designed to ease the setup of Wi‑Fi networks in home and small office environments.[1]

Created by Wi‑Fi Alliance, the purpose of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to set up Wi‑Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases. It is used by devices made by HP, Brother and Canon, especially for their printers. WPS is a wireless method that is used to connect certain Wi‑Fi devices, such as printers and security cameras, to the Wi‑Fi network without using any password. In addition, another way to connect is called WPS PIN; this is used by some devices to connect to the wireless network.[2]

A major security flaw was revealed in December 2011 that affects wireless routers with the WPS PIN feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in 4–10 hours[3] with a brute-force attack and, with the WPS PIN, the network's WPA/WPA2 pre-shared key (PSK).[4] Users have been urged to turn off the WPS PIN feature,[5] although this may not be possible on some router models.[6]

Modes

[edit]

The standard emphasizes usability and security, and allows four modes in a home network for adding a new device to the network:

PIN method
In which a PIN has to be read from either a sticker or display on the new wireless device. This PIN must then be entered at the "representant" of the network, usually the network's access point. Alternately, a PIN provided by the access point may be entered into the new device. This method is the mandatory baseline mode and everything must support it. The Wi‑Fi Direct specification supersedes this requirement by stating that all devices with a keypad or display must support the PIN method.[7]
Push button method
In which the user has to push a button, either an actual or virtual one, on both the access point and the new wireless client device. On most devices, this discovery mode turns itself off as soon as a connection is established or after a delay (typically 2 minutes or less), whichever comes first, thereby minimizing its vulnerability. Support of this mode is mandatory for access points and optional for connecting devices. The Wi‑Fi Direct specification supersedes this requirement by stating that all devices must support the push button method.[8]
Near-field communication method
In which the user has to bring the new client close to the access point to allow a near-field communication between the devices. NFC Forum–compliant RFID tags can also be used. Support of this mode is optional.
USB method
In which the user uses a USB flash drive to transfer data between the new client device and the network's access point. Support of this mode is optional, but deprecated.

The last two modes are usually referred to as out-of-band methods as there is a transfer of information by a channel other than the Wi‑Fi channel itself. Only the first two modes are currently[when?] covered by the WPS certification. The USB method has been deprecated and is not part of the Alliance's certification testing.[citation needed]

Some wireless access points have a dual-function WPS button, and holding this button down for a shorter or longer time may have other functions, such as factory-reset or toggling WiFi.[9] [additional citation(s) needed]

Some manufacturers, such as Netgear, use a different logo and/or name for Wi‑Fi Protected Setup;[10] the Wi‑Fi Alliance recommends the use of the Wi‑Fi Protected Setup Identifier Mark on the hardware button for this function.[11]

Technical architecture

[edit]

The WPS protocol defines three types of devices in a network:

Registrar
A device with the authority to issue and revoke access to a network; it may be integrated into a wireless access point (AP), or provided as a separate device.
Enrollee
A client device seeking to join a wireless network.[12]
AP
An access point functioning as a proxy between a registrar and an enrollee.

The WPS standard defines three basic scenarios that involve components listed above:

AP with integrated registrar capabilities configures an enrollee station (STA)
In this case, the session will run on the wireless medium as a series of EAP request/response messages, ending with the AP disassociating from the STA and waiting for the STA to reconnect with its new configuration (handed to it by the AP just before).
Registrar STA configures the AP as an enrollee
This case is subdivided in two aspects: first, the session could occur on either a wired or wireless medium, and second, the AP could already be configured by the time the registrar found it. In the case of a wired connection between the devices, the protocol runs over Universal Plug and Play (UPnP), and both devices will have to support UPnP for that purpose. When running over UPnP, a shortened version of the protocol is run (only two messages) as no authentication is required other than that of the joined wired medium. In the case of a wireless medium, the session of the protocol is very similar to the internal registrar scenario, but with opposite roles. As to the configuration state of the AP, the registrar is expected to ask the user whether to reconfigure the AP or keep its current settings, and can decide to reconfigure it even if the AP describes itself as configured. Multiple registrars should have the ability to connect to the AP. UPnP is intended to apply only to a wired medium, while actually it applies to any interface to which an IP connection can be set up. Thus, having manually set up a wireless connection, the UPnP can be used over it in the same manner as with the wired connection.
Registrar STA configures enrollee STA
In this case the AP stands in the middle and acts as an authenticator, meaning it only proxies the relevant messages from side to side.

Protocol

[edit]

The WPS protocol consists of a series of EAP message exchanges that are triggered by a user action, relying on an exchange of descriptive information that should precede that user's action. The descriptive information is transferred through a new Information Element (IE) that is added to the beacon, probe response, and optionally to the probe request and association request/response messages. Other than purely informative type–length–values, those IEs will also hold the possible and the currently deployed configuration methods of the device.

After this communication of the device capabilities from both ends, the user initiates the actual protocol session. The session consists of eight messages that are followed, in the case of a successful session, by a message to indicate that the protocol is completed. The exact stream of messages may change when configuring different kinds of devices (AP or STA), or when using different physical media (wired or wireless).

Band or radio selection

[edit]
A Telstra 4GX Advanced III mobile broadband device showing WPS pairing options for a particular radio/band.

Some devices with dual-band wireless network connectivity do not allow the user to select the 2.4 GHz or 5 GHz band (or even a particular radio or SSID) when using Wi‑Fi Protected Setup, unless the wireless access point has separate WPS button for each band or radio; however, a number of later wireless routers with multiple frequency bands and/or radios allow the establishment of a WPS session for a specific band and/or radio for connection with clients which cannot have the SSID or band (e.g., 2.4/5 GHz) explicitly selected by the user on the client for connection with WPS (e.g. pushing the 5 GHz, where supported, WPS button on the wireless router will force a client device to connect via WPS on only the 5 GHz band after a WPS session has been established by the client device which cannot explicitly allow the selection of wireless network and/or band for the WPS connection method).[13][14]

Security problems

[edit]

Online brute-force attack

[edit]

In December 2011, researcher Stefan Viehböck reported a design and implementation flaw that makes brute-force attacks against PIN-based WPS feasible to be performed on WPS-enabled Wi‑Fi networks. A successful attack on WPS allows unauthorized parties to gain access to the network, and the only effective workaround is to disable WPS.[5] The vulnerability centers around the acknowledgement messages sent between the registrar and enrollee when attempting to validate a PIN, which is an eight-digit number used to add new enrollees to the network. Since the last digit is a checksum of the previous digits,[15] there are seven unknown digits in each PIN, yielding 107 = 10,000,000 possible combinations.

When an enrollee attempts to gain access using a PIN, the registrar reports the validity of the first and second halves of the PIN separately. Since the first half of the pin consists of four digits (10,000 possibilities) and the second half has only three active digits (1000 possibilities), at most 11,000 guesses are needed before the PIN is recovered. This is a reduction by three orders of magnitude from the number of PINs that would be required to be tested. As a result, an attack can be completed in under four hours. The ease or difficulty of exploiting this flaw is implementation-dependent, as Wi‑Fi router manufacturers could defend against such attacks by slowing or disabling the WPS feature after several failed PIN validation attempts.[4]

A young software developer based out of a small town in eastern New Mexico created a tool that exploits this vulnerability to prove that the attack is feasible.[16][17] The tool was then purchased by Tactical Network Solutions in Maryland. They state that they have known about the vulnerability since early 2011 and had been exploiting it.[18]

In some devices, disabling WPS in the user interface does not result in the feature actually being disabled, and the device remains vulnerable to this attack.[6] Firmware updates have been released for some of these devices allowing WPS to be disabled completely. Vendors could also patch the vulnerability by adding a lock-down period if the Wi‑Fi access point detects a brute-force attack in progress, which disables the PIN method for long enough to make the attack impractical.[19]

Offline brute-force attack

[edit]

In the summer of 2014, Dominique Bongard discovered what he called the Pixie Dust attack. This attack works only on the default WPS implementation of several wireless chip makers, including Ralink, MediaTek, Realtek and Broadcom. The attack focuses on a lack of randomization when generating the E-S1 and E-S2 "secret" nonces. Knowing these two nonces, the PIN can be recovered within a couple of minutes. A tool called pixiewps has been developed[20] and a new version of Reaver has been developed to automate the process.[21]

The access point sends two hashes, E-Hash1 and E-Hash2, to the client, proving that it also knows the PIN. E-Hash1 and E-Hash2 are hashes of (E-S1 | PSK1 | PKe | PKr) and (E-S2 | PSK2 | PKe | PKr), respectively. The hashing function is HMAC-SHA-256 and uses the "authkey" that is the key used to hash the data.

Since both the client and access point (enrollee and registrar, respectively) need to prove they know the PIN to make sure the client is not connecting to a rogue access point, the attacker already has two hashes that contain each half of the PIN, and all they need is to brute-force the actual PIN.

Physical security issues

[edit]
A generic service bulletin regarding physical security for wireless access points

All WPS methods are vulnerable to usage by an unauthorized user if the wireless access point is not kept in a secure area.[22][23][24]

A wireless router showing printed preset security information including the free Wi‑Fi

Many wireless access points have security information (if it is factory-secured) and the WPS PIN printed on them; this PIN is also often found in the configuration menus of the wireless access point. If this PIN cannot be changed or disabled, the only remedy is to get a firmware update to enable the PIN to be changed, or to replace the wireless access point.

It is possible to extract a wireless passphrase with the following methods using no special tools:[25]

  • A wireless passphrase can be extracted using WPS under Windows Vista and newer versions of Windows, under administrative privileges by connecting with this method then bringing up the properties for this wireless network and clicking on "show characters".
  • Within most Linux desktop and Unix distributions (like Ubuntu), all network connections and their details are visible to a regular user, including the password obtained through WPS. Furthermore, root (aka admin) can always access all network details through terminal, i.e. even if there is no window manager active for regular users.
  • A simple exploit in the Intel PROset wireless client utility can reveal the wireless passphrase when WPS is used, after a simple move of the dialog box which asks if you want to reconfigure this access point.[25]

References

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Wi-Fi Protected Setup

View on Grokipedia
from Grokipedia
Wi-Fi Protected Setup (WPS) is a program and network standard developed by the to simplify the process of connecting devices to a network and configuring settings, particularly for non-technical users in home and small office environments. Introduced in 2007, it automates the transfer of network credentials, such as the service set identifier (SSID) and (WPA/WPA2) encryption keys, reducing the traditional multi-step manual configuration to as few as three steps. The standard supports multiple configuration methods to accommodate different user scenarios and device capabilities. The two mandatory methods are Push-Button Configuration (PBC), which activates a connection window by pressing a physical or virtual button on both the access point and client device, and the (PIN) method, where an 8-digit PIN displayed on the client is entered into the access point's interface. An optional method involves (NFC), enabling credential exchange by touching compatible devices. WPS is compatible with 802.11 standards including a/b/g/n and ensures with legacy devices while enforcing WPA2 security by default. Despite its convenience, WPS has faced significant criticism due to security vulnerabilities, most notably a flaw in the PIN authentication protocol revealed in 2011. This vulnerability allows remote attackers to brute-force the PIN offline because the protocol reveals partial confirmation of the first four digits after a failed attempt, reducing the effective key space from 10^8 to about 10^4 possibilities for the first half, enabling recovery in hours or less using tools like Reaver or Bully. As a result, many modern devices and operating systems, such as Android 9 and later, have deprecated WPS support in favor of more secure alternatives like Wi-Fi Easy Connect, which uses QR codes for device provisioning. The Wi-Fi Alliance continues to include WPS in certification programs for legacy compatibility, but recommends disabling it on access points where possible to mitigate risks.

Introduction and History

Overview and Purpose

Wi-Fi Protected Setup (WPS) is a specification developed by the Wi-Fi Alliance to enable the easy and secure connection of devices to a Wi-Fi network without requiring manual entry of a passphrase. It provides a standardized method for configuring security settings on wireless access points (APs) and client devices, ensuring interoperability among certified products. The primary purposes of WPS include simplifying the setup of and small networks, supporting the integration of legacy devices that may lack advanced configuration interfaces, and minimizing user errors in configuration. By automating the and processes, WPS addresses the challenges posed by complex passphrase-based setups, which often lead to insecure defaults or user frustration. Key benefits outlined in the original design encompass faster device enrollment, seamless with WPA and WPA2 protocols, and straightforward integration between APs and various client devices such as printers and cameras. These features aim to enhance user while maintaining robust , making networks more approachable for non-technical users. WPS was initially released in as a response to the growing complexity of setup in consumer environments, where manual configuration often resulted in security compromises or abandoned installations. The announced the program in August to unify easy-setup technologies from industry leaders, with testing commencing shortly thereafter.

Development and Standardization

Wi-Fi Protected Setup (WPS), originally known as Wi-Fi Simple Configuration, originated in 2006 as an initiative by the to simplify the configuration of secure Wi-Fi networks and address usability barriers hindering broader adoption of wireless technology in homes and small offices. The developed the initial specification, version 1.0, to enable easier device onboarding while maintaining compatibility with WPA and WPA2 security protocols. This effort was driven by the need to reduce the complexity of entering long passphrases, particularly for non-technical users. The specification was formalized in December 2006 and publicly announced in January 2007, with the launching its certification program later that year to ensure interoperability among compliant devices. Although WPS was not a formal IEEE standard, it was designed to align with the framework, particularly the 802.11i amendments for robust security, allowing seamless integration into existing ecosystems. The certification program required devices to support WPS methods alongside standard WPA2 , marking a key step in standardizing simplified setup across the industry. Products featuring WPS began appearing in the first quarter of 2007, primarily as reference designs from early adopters. Key development milestones included the integration of WPS into WPA2 frameworks from the outset, ensuring it enhanced rather than replaced existing security mechanisms, and the release of WPS 2.0 best practices in December 2010, which expanded support for dual-band operations on 2.4 GHz and 5 GHz frequencies to accommodate emerging multi-band access points. The collaborated closely with major vendors, incorporating contributions such as Broadcom's SecureEasySetup protocol and Intel's Smart Wireless Solution, which provided foundational elements for the PIN and methods. These vendor inputs helped refine the protocol for practical implementation in chipsets and devices. Further evolution with WPS 2.0 in 2011 enhanced certification and support for out-of-band methods, including (NFC) integration to enable tap-to-connect setups and transfers for secure credential exchange between devices. These enhancements built on the original specification's optional provisions, aiming to broaden WPS applicability to mobile and embedded devices while prioritizing ease of use in diverse environments.

Operational Modes

PIN Method

The PIN method serves as the core enrollment mechanism in Wi-Fi Protected Setup (WPS), enabling users to authenticate and configure devices using an 8-digit (PIN) rather than manually entering a full network . In this approach, the PIN is displayed on either the access point (AP, acting as the registrar) or the client device (acting as the enrollee), and the user enters it into the other device to initiate the connection process. This bidirectional flexibility allows the AP's PIN to be input on the client for standard setups or, less commonly, a client-generated PIN to be entered on the AP, facilitating credential exchange over the network. The PIN structure comprises seven randomly generated digits followed by an eighth checksum digit, computed using the WPS-specific 10 : sum = 3 × (sum of first six digits) + seventh digit, then checksum = (10 - sum mod 10) mod 10, to validate accuracy and catch transcription errors. This design balances randomness for with error-detection reliability, though the generation can occur internally by the AP for fixed or session-based PINs or externally by the client device. Upon entry, the registrar parses and verifies the PIN's format and before proceeding. The configuration steps begin with the user selecting the PIN mode on both devices and entering the code, prompting the registrar to authenticate the enrollee. If the PIN validates successfully, the registrar transmits the necessary credentials—such as the SSID, settings, and network passphrase (from which the enrollee derives the )—to the enrollee, completing the secure association. This typically takes under two minutes and supports both WPA-Personal and WPA2-Personal networks. A key advantage of the PIN method is its independence from physical proximity, allowing configurations across distances within Wi-Fi range, which proves ideal for remote device or scenarios lacking push-button hardware. Unlike proximity-dependent alternatives like configuration, it accommodates diverse user environments without additional infrastructure. In early WPS deployments from 2007 onward, the PIN method dominated as the mandatory requirement for all WPS-compliant devices, appearing by default on the majority of consumer routers and APs until vulnerabilities prompted widespread disabling in the 2010s.

Push Button Configuration

Push Button Configuration (PBC) is one of the operational modes in Wi-Fi Protected Setup (WPS) designed for straightforward device enrollment by leveraging physical or virtual button presses on both the access point (AP) and the client device, thereby avoiding the need for manual credential entry. This mode serves as a user-friendly option, particularly contrasting with the PIN method, which allows enrollment without physical proximity requirements. The enrollment process begins when the user presses the WPS button on the AP, activating a configuration session. Within a 2-minute window following this activation, the user must press the WPS button on the client device to signal its intent to join the network as the enrollee. This timing ensures synchronized activation between the registrar (typically the AP) and the enrollee (the client). If the button presses occur within this period, the devices proceed to exchange configuration data securely over the link. In PBC mode, no authentication codes or PINs are exchanged between devices; instead, the mechanism relies on the temporal alignment of button presses and inherent proximity to establish trust. Upon activation, the AP enters PBC mode and broadcasts messages, including a such as the device's UUID, to advertise its availability for enrollment during the active window. The client, upon button press, scans for these broadcasts and initiates the WPS protocol to negotiate network credentials, completing the association without additional user input. PBC requires specific hardware support, including a dedicated physical WPS button on the AP and client devices, or a software-based equivalent accessible via the user interface (UI) for virtual activation. This setup ensures reliable initiation of the mode on compatible Wi-Fi CERTIFIED devices. A key advantage of PBC is its simplicity for non-technical users, as it eliminates typing errors associated with PIN entry and streamlines the connection process to mere button presses. This makes it ideal for quick setups in home environments where users may lack familiarity with network parameters. However, PBC has limitations stemming from its reliance on timing and physical interaction, necessitating that the client device be kept in close proximity to the AP—typically within 5 meters—to minimize the risk of session overlap if multiple potential enrollees are active simultaneously. In such cases, the AP detects overlapping requests and signals an error, requiring the process to restart, which underscores the importance of isolating the intended client during activation.

Near Field Communication Method

The Near Field Communication (NFC) method serves as an extension to Wi-Fi Protected Setup (WPS), enabling contactless configuration of Wi-Fi networks primarily for mobile and (IoT) devices. Introduced by the in 2014 as part of the updated WPS certification program, this optional mode leverages short-range NFC technology to simplify device without requiring manual entry of network details. In the NFC method, an NFC-enabled client device, such as a smartphone, is tapped against the access point (AP) or a compatible NFC tag to initiate the setup process. This proximity-based interaction transfers the necessary Wi-Fi credentials from the registrar (typically the AP) to the enrollee (the client device) using NFC Data Exchange Format (NDEF) records formatted according to the Wi-Fi Simple Configuration specification. The NDEF record, identified by the payload type "application/vnd.wfa.wsc," encapsulates key network parameters including the service set identifier (SSID) and network passphrase (from which the pre-shared key is derived), allowing the client to automatically join the secure network. The technical framework for this method relies on the ISO/IEC 14443 standard for NFC communication, which operates at 13.56 MHz with a typical range of up to 10 cm to ensure secure, short-range exchanges. The profile is embedded within the NDEF structure as an unencrypted credential token, providing a streamlined channel for provisioning without exposing sensitive data over longer distances. This approach supports three primary usage models: direct device-to-device , tag-based configuration, and integration with NFC-enabled APs. One key advantage of the NFC method is its extreme simplicity for users, who can complete setup with a single tap, bypassing the need for physical buttons or entering PINs as required in other WPS modes. This makes it particularly suitable for consumer scenarios involving quick connections for guests or IoT peripherals. Adoption of the NFC method has been constrained to devices equipped with NFC hardware, limiting its widespread use compared to PIN or push-button alternatives. It gained integration into Android's Wi-Fi setup features around 2012, enabling native support for reading WPS NDEF records, while iOS incorporated similar NFC-based Wi-Fi provisioning capabilities in later updates following broader NFC enablement in 2014 with the iPhone 6. As of 2025, while still certified for legacy compatibility, WPS NFC sees limited use with the rise of more secure provisioning methods like Wi-Fi Easy Connect using Device Provisioning Protocol (DPP).

Technical Framework

System Architecture

Wi-Fi Protected Setup (WPS) utilizes a structured centered on defined roles and components to streamline the addition of devices to a secure network. The core roles consist of the Enrollee and the Registrar. The Enrollee represents the device attempting to join the network, such as a client station lacking the current network credentials, which it obtains through the registration process. The Registrar, conversely, is the authoritative entity responsible for configuring and distributing network credentials, including the service set identifier (SSID) and (PSK), to the Enrollee. In typical implementations, the Access Point (AP) functions as the primary component and internal Registrar, directly handling credential issuance to Enrollee client devices like laptops or smartphones. Client devices primarily operate as Enrollees during network joining. However, the architecture supports flexibility, including external Registrars that operate as separate entities and interface with the AP via Universal Plug and Play (UPnP) to manage configurations remotely. Proxy Registrars are also accommodated in advanced setups, where an intermediary device relays registration messages between an external Registrar and the Enrollee or AP, enabling operation in larger or segmented networks. The interaction model distinguishes (OOB) mechanisms for initiating from in-band channels for . OOB methods, such as entering an 8-digit PIN on the Registrar or pressing a physical button on both the Registrar and Enrollee, provide a secure trigger independent of the wireless medium to prevent unauthorized initiations. Following OOB , the in-band exchange proceeds over the link, ensuring the Enrollee can authenticate and receive credentials without prior network access. WPS architecture integrates with established Wi-Fi security frameworks by leveraging the Extensible Authentication Protocol (EAP), particularly through EAP-WSC messages for the registration exchange, within the broader WPA and WPA2 protocols. This compatibility allows WPS to configure PSKs that enable seamless adoption of WPA/WPA2-secured associations post-enrollment.

Protocol Operations

Wi-Fi Protected Setup (WPS), also known as Wi-Fi Simple Configuration (WSC), employs a structured protocol for device enrollment that begins with discovery and proceeds to secure credential exchange between the enrollee (the device seeking network access) and the registrar (the entity providing credentials). The core protocol leverages the Simple Service Discovery Protocol (SSDP) for initial discovery when using external registrars, utilizing SOAP messages over UDP on port 1900 to locate compatible registrars, followed by HTTP-based communication for subsequent configuration steps. This out-of-band or in-band approach ensures interoperability across Wi-Fi devices, as defined in the Wi-Fi Alliance's specifications. The enrollment sequence consists of an eight-message exchange (M1 through M8) carried within the Extensible Authentication Protocol - Wi-Fi Simple Configuration (EAP-WSC) method, which integrates with the IEEE 802.1X authentication framework to facilitate authenticated setup over the wireless medium. In M1, the enrollee initiates the process by sending its device capabilities, UUID, manufacturer details, a random nonce (N1), and Diffie-Hellman public key (PKE) to the registrar. The registrar responds in M2 with its own capabilities, a Diffie-Hellman public key (PKR), nonces (N1 and N2), and an authenticator derived using HMAC-SHA-256. In PIN mode, the enrollee then transmits its computed hashes (E-Hash1 and E-Hash2, derived from the device password PIN using PSK1/PSK2) and an authenticator in M3. The registrar replies in M4 with its hashes (R-Hash1 and R-Hash2), initial key-wrapped secrets (R-S1), and an authenticator, validating the first half of the PIN. Subsequent messages (M5 through M7) involve the enrollee sending key-wrapped response secrets (E-S1 in M5, E-S2 and config data in M7), the registrar providing key-wrapped second secrets (R-S2 in M6) and final network credentials (such as the pre-shared key or enterprise authentication details in M8), with authenticators in each. This sequence ensures mutual authentication and secure credential transfer without exposing sensitive data in plaintext. Key generation in the protocol relies on Diffie-Hellman key agreement to establish a shared secret between the enrollee and registrar during the M1-M2 phase, from which AuthKey and KeyWrapKey are derived using HMAC-SHA-256; a symmetric session key is then used to encrypt credentials via AES-CBC key wrap in M4-M8. The process incorporates HMAC-SHA-256 for authenticators in each message to verify integrity and authenticity, binding the exchange to the initial nonces and device attributes. For modes like PIN or push-button, the protocol briefly references registrar and enrollee roles, such as validating the PIN-derived hashes in M3 and M4 before proceeding. In PIN mode, the Device Password (8-digit PIN) is used to derive PSK1/PSK2, which compute the E-Hash/R-Hash values to prove knowledge of the PIN without transmitting it directly. Error handling is embedded throughout the protocol to maintain robustness, including provisions for negative acknowledgments (NACK) in response to invalid messages, such as mismatched authenticators or incorrect PIN hashes, which trigger session resets without revealing underlying secrets. Timeouts are enforced, typically with retransmission attempts limited to two per message and overall session durations capped at around two minutes to mitigate denial-of-service risks; if a timeout occurs or an invalid PIN is detected early (e.g., during M3/M4 validation), the protocol aborts the exchange and requires re-initiation via user action like re-entering the PIN or pressing the . These mechanisms ensure graceful failure while preserving security, as detailed in the Wi-Fi Alliance's operational guidelines.

Band and Radio Selection

Wi-Fi Protected Setup (WPS) supports dual-band operation, enabling the negotiation of frequency bands between 2.4 GHz (compatible with 802.11b/g/n standards) and 5 GHz (compatible with 802.11a/n/ac standards) based on the access point's (AP) capabilities and the client's preferences. This allows devices to connect on the most suitable band for performance and range, with multi-radio APs advertising their supported bands via the RF Bands attribute in and response frames. During the setup process, the enrollee (the device joining the network) initiates band negotiation by querying the AP's radio modes in the M1 message of the WPS protocol exchange, which includes the enrollee's own RF Bands attribute to indicate its supported frequencies. The registrar (typically integrated in the AP) responds in the M2 message with details of the supported bands using the RF Bands attribute, specifying values such as 2.4 GHz, 5 GHz, or both for dual-band APs. This exchange ensures compatibility assessment before credential provisioning. Configuration of the selected band occurs automatically by matching the overlapping capabilities of the enrollee and registrar, prioritizing higher-performance options like 5 GHz when possible, though user override may be available through the device's interface for specific band preferences. The security credentials (such as WPA/WPA2 PSK) generated during WPS are then applied exclusively to the chosen band, ensuring secure operation on that radio. Support for 5 GHz bands was incorporated into WPS revisions around 2009, coinciding with the widespread adoption of 802.11n for dual-band devices, enhancing compatibility with emerging multi-band hardware. In the context of 6E introducing the 6 GHz band, WPS handling remains limited, as the protocol has not been updated for full integration, contributing to its overall deprecation in favor of more robust modern standards.

Security Vulnerabilities

PIN Authentication Flaws

The PIN authentication method in Wi-Fi Protected Setup (WPS) relies on an 8-digit (PIN) entered by the user to establish a secure connection between a client device and an access point (AP). A fundamental design weakness lies in the protocol's validation process, which treats the PIN as two independent 4-digit halves rather than a single 8-digit value. This separation occurs during the exchange, where the protocol verifies the first half (digits 1-4) before proceeding to the second half (digits 5-8), allowing an attacker to brute-force each portion sequentially. As a result, the effective key space is reduced from 10^8 possible PINs to approximately 10^4 attempts for the first half and 10^3 for the second half, totaling around 11,000 trials in the worst case. Compounding this issue is the vulnerability in the PIN's checksum mechanism, which uses a simple Luhn-like algorithm to generate the eighth digit based on the preceding seven. The is computed by multiplying every second digit starting from the right (least significant) by 3, summing all values, and setting the eighth digit to (10 - (sum % 10)) % 10 to make the total sum 10 equal to 0. This deterministic computation enables attackers to predict the eighth digit offline once the first seven are guessed, further shrinking the search space for the second half to only 1,000 possibilities instead of 10,000. The 's predictability stems from its reliance on basic without additional , making it unsuitable for cryptographic security. WPS devices, particularly APs acting as registrars, generate and display an internal 8-digit PIN for use in the authentication process, often printed on the device label or accessible via its interface. However, the protocol's exposes this internal PIN to partial validation flaws: after approximately 11,000 attempts on the first half, the AP leaks of its correctness through differences in the error messages or message hashes (E-Hash1), allowing attackers to confirm success without revealing the full PIN immediately. This information leakage occurs because the protocol does not uniformly reject invalid first halves, instead providing distinguishable failure modes that narrow down possibilities efficiently. These flaws were first publicly detailed by security researcher Stefan Viehböck in December 2011, who demonstrated the vulnerabilities through analysis of the WPS protocol implementation across multiple devices. His work highlighted how the combination of halved validation and weak rendered the PIN method fundamentally insecure against determined offline or brute-force efforts, prompting widespread advisories from organizations like US-CERT and .

Brute-Force Attack Vectors

Brute-force attacks on Wi-Fi Protected Setup (WPS) exploit the PIN method's inherent weaknesses, enabling attackers to recover the 8-digit PIN and derive the WPA/WPA2 , thereby compromising the network. These attacks leverage the protocol's lack of and the separate verification of the PIN's first and second halves, as detailed in the underlying flaws. In the online variant, an attacker within radio range interacts directly with the access point by transmitting guessed PINs during the WPS registrar protocol. The design flaw allows confirmation of the first four digits after up to 10,000 attempts, and the remaining three digits (with the eighth as ) up to 1,000 attempts. In practice, each attempt takes 1-3 seconds due to message exchanges and delays, extending the total time to 4-10 hours in the worst case for unpatched devices without lockout mechanisms. The offline attack mitigates interaction requirements by capturing the initial M1-M3 messages of a WPS enrollment attempt through packet sniffing, then performing the brute-force computation locally using the revealed and Diffie-Hellman public keys. Tools such as Reaver automate this process, enabling an attacker to pause and resume the assault without maintaining constant proximity to the access point after the capture phase. This method remains effective against devices lacking WPS lockouts, with the computational burden shifted to the attacker's hardware for rapid PIN recovery. A specialized offline variant, known as the Pixie Dust attack, was disclosed in 2014 by researcher Dominique Bongard and targets implementations with low-entropy Diffie-Hellman key generation in and chipsets. By exploiting predictable nonces in the captured messages (E-S1 and E-S2), attackers can solve for the PIN algebraically in minutes or even seconds, bypassing traditional brute-force entirely. This affects a significant portion of routers from major vendors produced between 2008 and 2014, particularly those using vulnerable . These attack vectors achieve near-100% success rates on susceptible hardware without mitigations like PIN lockouts or . Early assessments following the 2011 disclosure indicated that the majority of consumer routers—estimated at up to 90% in some 2012 analyses—remained vulnerable due to incomplete patching by manufacturers.

Physical and Implementation Risks

The Push Button Configuration (PBC) method in Wi-Fi Protected Setup (WPS) relies on physical or virtual button activation to initiate a brief enrollment window, but this design exposes networks to tangible hardware-based risks. An attacker with physical access to the access point can simply press the WPS button to start the process, enabling their device to connect without needing credentials during the active period. Furthermore, once activated, PBC opens a two-minute interval in which any proximate device—authorized or not—can join the network, heightening the chance of unauthorized enrollment in shared or unsecured environments. Compounding these issues, numerous routers produced in the , particularly consumer models from major vendors, were shipped with WPS enabled by default, leaving users vulnerable to opportunistic physical or proximity-based exploits without initial configuration changes. This default setting facilitated drive-by attacks in public or semi-public settings, such as cafes or apartment complexes, where attackers could exploit accessible hardware interfaces or the lack of user awareness to initiate unauthorized connections. Vendor-specific implementation flaws further amplified these physical and environmental weaknesses in early WPS deployments. Prior to 2012, many devices omitted on authentication attempts, allowing repeated enrollments without delays that could deter persistent physical tampering. Similarly, some implementations employed weak for dynamic PINs or associated nonces, enabling attackers to predict or rapidly derive enrollment codes through offline analysis after gaining temporary physical or interface access. Integration with Universal Plug and Play (UPnP) for external registrars introduced additional implementation risks, as this feature permits remote configuration of WPS parameters over the network. If firewalls are misconfigured to expose UPnP services to the wide-area network, attackers can impersonate registrars and initiate enrollment without physical proximity, bypassing intended hardware controls.

Current Status and Legacy

Following the security vulnerabilities disclosed in 2011, the acknowledged the flaws in WPS and revised its test plan in to require rate-limiting on PIN attempts in all newly certified devices, thereby reducing the feasibility of brute-force attacks. Major router vendors quickly adapted by disabling WPS by default or issuing strong recommendations against its use. For instance, urged users to disable WPS entirely on affected devices starting in to eliminate exposure risks. incorporated safeguards like temporary lockdowns after repeated failed PIN attempts and explicitly advises disabling the PIN method to prevent exploitation. Adoption of WPS declined markedly in the years after these responses, reflecting broader industry shifts toward enhanced security. A 2015 wireless LAN war driving survey in revealed that only 28.82% of surveyed access points had WPS enabled, down from 34.08% in 2014, signaling reduced reliance on the feature amid growing awareness of its risks. Android deprecated WPS support starting in version 9 (2018), while the introduced Wi-Fi Easy Connect in 2018 as a secure QR code-based alternative and continues to support WPS for legacy compatibility with recommendations to disable it where possible. Similarly, Apple has never supported WPS on iOS devices such as iPhones due to its fundamental security flaws, including vulnerability to brute-force attacks. In enterprise networks, WPS usage was effectively phased out around 2020, with vendors like calling for its complete removal to prioritize secure onboarding methods. Despite these trends, WPS persists in legacy hardware for compatibility with older devices, though modern updates from vendors typically disable it by default or provide straightforward options to lock it out. This residual support underscores the gradual transition away from WPS, ensuring minimal disruption while emphasizing security in updated systems.

Alternatives in Modern Wi-Fi Standards

Modern Wi-Fi standards have introduced several alternatives to Wi-Fi Protected Setup (WPS), addressing its security shortcomings through more robust authentication and provisioning mechanisms. In WPA3, released in 2018 by the , the (SAE) protocol serves as a key component for personal networks, enabling a secure that authenticates devices without relying on vulnerable PINs or push-button methods. SAE, based on the handshake, provides and resists offline dictionary and brute-force attacks by deriving unique session keys for each connection. Complementing SAE, WPA3's Opportunistic Wireless Encryption (OWE) enhances security for open networks by automatically encrypting traffic between devices and access points without requiring user credentials, using to establish per-client encryption keys. This approach mitigates risks in public hotspots, where traditional open networks offered no protection. OWE is defined in RFC 8110 and integrated into WPA3 to promote encrypted communications by default. As a direct successor to WPS, the Device Provisioning Protocol (DPP), introduced by the in 2018, facilitates secure device onboarding using out-of-band methods like or NFC tags, eliminating the need for shared secrets vulnerable to brute-force attacks. DPP employs for authentication, where a configurator device (e.g., a ) bootstraps the enrollee (e.g., an IoT device) with network credentials, ensuring and key establishment. Easy Connect, the consumer-facing implementation of DPP, simplifies setup for headless IoT devices by allowing users to scan a to provision access without manual password entry. By 2025, WPA3 has become mandatory for Wi-Fi 6E and Wi-Fi 7 certifications, particularly in the 6 GHz band, driving widespread adoption in new routers and client devices to ensure baseline . WPS support has been phased out in modern hardware, with manufacturers like deprecating it in Android 9 and replacing it with DPP-based methods in and later versions; iOS ecosystems rely on alternative provisioning like HomeKit for similar IoT setups, though native DPP support remains limited. As of February 2025, 23 DPP-certified devices from 6 vendors were available, indicating growing but limited adoption. These alternatives offer significant advantages over WPS, including cryptographic in SAE to protect past sessions from key compromise, elimination of brute-force risks through asymmetric in DPP, and improved for multi-device environments like smart homes. By prioritizing secure, user-friendly enrollment without legacy vulnerabilities, WPA3 and DPP enable safer ecosystems, particularly for IoT proliferation.

References

  1. https://resources.oreilly.com/examples/9780470438916/-/raw/7b489a7407c9a4614f839025f60ad4126ddc9c74/9780470438916/White%20Papers/W_Fi_CERTIFIED_for_Wi_Fi_Protected_Setup.pdf
  2. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120111-wps
  3. https://resources.oreilly.com/examples/9780470438916/-/raw/7b489a7407c9a4614f839025f60ad4126ddc9c74/9780470438916/White%2520Papers/W_Fi_CERTIFIED_for_Wi_Fi_Protected_Setup.pdf?inline=false
  4. https://www.smallnetbuilder.com/wireless/wireless-features/wi-fi-protected-setup-wps-need-to-know/
  5. https://www.telecompaper.com/news/wifi-alliance-unveils-wifi-protected-setup-program--527570
  6. https://www.theregister.com/2006/08/20/wps_announced/
  7. https://www.scribd.com/document/302097274/Wi-Fi-Protected-Setup-Specification-1-0h
  8. https://wifinetnews.com/archives/2007/01/wi-fi_protected_setup_details_announced.html
  9. https://docs.huihoo.com/wi-fi/WP-State-of-Wi-Fi-Security-English-200909.pdf
  10. https://www.scribd.com/document/526997457/Wi-Fi-Protected-Setup-Best-Practices-v2-0-2
  11. http://www.ccs.neu.edu/home/noubir/publications-local/SNN13.pdf
  12. https://www2.eecs.berkeley.edu/Pubs/TechRpts/2013/EECS-2013-193.pdf
  13. https://www.khoury.northeastern.edu/home/sashank/publications/wps_ieee_cns.pdf
  14. https://gist.github.com/drygdryg/b813b3f83b998f0d7faa786735e5bd16
  15. https://www.cisco.com/c/en/us/support/docs/smb/wireless/cisco-small-business-300-series-wireless-access-points/smb2485-wi-fi-protected-setup-wps-enrollment-configuration-on-the-wa.html
  16. https://web.mit.edu/freebsd/head/contrib/wpa/wpa_supplicant/README-WPS
  17. https://www.usenix.org/legacy/event/sec11/tech/full_papers/Gollakota.pdf
  18. https://www.prnewswire.com/news-releases/wi-fi-certified-wi-fi-protected-setup-adds-nfc-tap-to-connect-for-simple-set-up-of-security-protected-wi-fi-devices-and-networks-254517861.html
  19. https://ndeflib.readthedocs.io/en/stable/records/wifi.html
  20. https://stackoverflow.com/questions/9785333/wps-parameters-wifi-nfc-and-android
  21. https://www.cs.cmu.edu/~rdriley/330/papers/viehboeck_wps.pdf
  22. https://upnp.org/specs/gw/UPnP-gw-DeviceProtection-V1-Service.pdf
  23. https://docs.silabs.com/wifi91xrcp/latest/wifi91xrcp-developers-guide-wifi-features/wifi-protected-setup
  24. http://ww1.microchip.com/downloads/en/AppNotes/WPS-App-note.pdf
  25. https://www.acsij.org/index.php/acsij/article/viewFile/67/63
  26. https://patents.google.com/patent/US8447978B2/en
  27. https://blogs.cisco.com/networking/it-is-time-to-deprecate-and-replace-wi-fi-unprotected-setup
  28. https://www.kb.cert.org/vuls/id/723755
  29. https://www.cisa.gov/news-events/alerts/2012/01/06/wi-fi-protected-setup-wps-vulnerable-brute-force-attack
  30. https://github.com/t6x/reaver-wps-fork-t6x
  31. http://archive.hack.lu/2014/Hacklu2014_offline_bruteforce_attack_on_wps.pdf
  32. https://www.sciencedirect.com/science/article/pii/S1361372312700040
  33. https://routersecurity.org/wps.php
  34. https://us.hitrontech.com/learn/what-is-wps-on-my-router/
  35. https://routersecurity.org/SecureRouters.php
  36. https://www.avoidthehack.com/router-wireless-guide
  37. https://securityaffairs.com/27918/hacking/wi-fi-wps-hacking.html
  38. https://www.theverge.com/2012/3/6/2849893/wi-fi-alliance-wps-security-hole
  39. https://www.fierceelectronics.com/tech/cisco-disable-wps-vulnerable-wi-fi-devices
  40. https://kb.netgear.com/19824/How-does-my-NETGEAR-router-protect-me-from-Wi-Fi-Protected-Setup-WPS-PIN-brute-force-attacks
  41. http://www.safewifi.hk/files/2017/wd2015-reportv0.3_ofca.pdf
  42. https://source.android.com/docs/core/connect/wifi-easy-connect
  43. https://stackoverflow.com/questions/45047495/does-ios11-support-wps-wifi-protected-setup
  44. https://spectrum.ieee.org/everything-you-need-to-know-about-wpa3
  45. https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/wpa3-dg.html
  46. https://link.springer.com/article/10.1007/s10207-025-00988-3
  47. https://www.researchgate.net/publication/388801920_Security_analysis_of_the_Wi-Fi_Easy_Connect
Add your contribution
Related Hubs
User Avatar
No comments yet.